On 8/11/2012 8:23 PM, J Webster wrote:
squid is a http proxy and not rtmp.
rtmp use other ports then 80\443 and cannot be used over squid(you can
if it's tcp and you allow CONNECT and unsafe ports which is not safe..
and will make the vpn connection vulnerable and maybe useless)
if you have a solid reason to do so it can be a nice project to try.
a more simple way is to assign dedicated IP for each certificate\client.
Regards,
Eliezer
The reason I asked about rtmp is that many sites you access the video
via the web browser but it sends it back via rtmp.
So, this is not possible through squid at all?
However, it is possible in a direct connection. So, can you allow 80,443
to go through squid but accept the return directly if on rtmp? probably
not.
rtmp can be used on squid with a big BUT.
since rtmp is a tcp protocol you must allow a CONNECT and destination
ports to be used through the proxy.
but it's not such a safe and good idea to do so.
since the squid box is a router in your case and you will intercept the
port 80\443 rtmp will not have any trouble if you do use NAT for
outgoing connections since rtmp works on other ports then 80 and 443.
So, assign a static IP to a certificate and then have squid log by IP
address, then have a program match up the ip at the time with the client
name?
exactly.
squid always logs by ip and can add username so if you have static ip
you can always know to match the client ip to specific user.
if you will want to be more "sophisticated" you can use reverse dns to
name the static ip's into user ids so any logs software such as
calamaris can show you the used id.
Regards,
Eliezer
--
Eliezer Croitoru
https://www1.ngtech.co.il
IT consulting for Nonprofit organizations
eliezer <at> ngtech.co.il
